<?php
include_once 'admin-functions.php';
include_once '../functions.php';

if ((isset($_SESSION['logged_in'])) && ($_SESSION['account_rank'] == 0)) {}
else {header('Location: page.php');exit;}

/* BEGIN USER ADD FORM */
// if &add=yes is appended, show the adduser form
if (isset($_GET['add'])) {
echo '<h2>User Manager: add</h2>
<p><br /><br /></p>
	<div style="text-align:left; margin-top:-3em;"><a href="page.php?p=users">Back to User List...</a></div><br />
	<form action="page.php?p=users" method="post"><label for="username">
	<strong>Username</strong> - Will show up on all posts</label><p class="input"><input name="username" id="username" value="" /></p>
	<label for="password"><strong>Password</strong></label><p class="input"><input name="password" type="password" id="password" value="" />
	</p><label for="password_confirm"><strong>Password Confirm</strong></label>
	<p class="input"><input type="password" name="password_confirm" id="password_confirm" value="" /></p>
	<label for="password_confirm"><strong>Rank</strong></label><p style="margin-top:-1em;">
	<select style="width:130px;" name="rank" id="rank"><option value="0">&nbsp;Administrator</option>
	<option value="1">&nbsp;Basic User</option><option value="2">&nbsp;Write Only</option></select></p><p></p>
	<p style="margin-top:-1em;">Administrator - <em>Create, Delete, and Modify Content and Users</em></p>
	<p style="margin-top:-1em;">Basic User - <em>Create &amp; Delete Posts</em> </p><p style="margin-top:-1em;">Write Only - <em>Create posts</em></p>						<input type="hidden" name="add" value="yes" />						</p>		<p class="button"><br /><br />			<button name="submit" type="submit">Add!</button>		</p>	</form>';
}

/* BEGIN USER ADD FUNCTION */
if (isset($_POST['add'])) {
		// make sure they are logged in, have sufficient privilges, and that the user being added doesn't already exist
		if  (isset($_SESSION['logged_in']) && $_SESSION['account_rank'] == 0 && array_key_exists($_POST['username'], (parse_ini_file("./users.ini.php", true))) == 0) {
			// load our ini
			$original_data = file_get_contents('users.ini.php');
			// declare our vars
			$username = $_POST['username'];
			$password = $_POST['password'];
			$password_confirm = $_POST['password_confirm'];
			$rank = $_POST['rank'];
			// check to make sure the password confirmations are the same
			if ($password == $password_confirm) {
				// write out data
				// this makes sure that our file is not readable in a web-browser by nasty people
				$data .= "<?php\n";
				$data .= '[' . $username . ']';
				$data .= "\n";
				$data .= 'type = "' . $rank . '"';	
				$data .= "\n";
				$data .= 'md5 = "' . md5($password) . '"';
				$data .= "\n\n";
				$data .= $original_data;
				$data .= "?>";
				// We'll leave this standardized for now
				$fp = fopen("users.ini.php", "w");
				fwrite ($fp, $data);
				fclose ($fp);
				echo "<div style=\"text-align:center\">User <strong>" . $username . "</strong> sucessfully added!<br />";
				echo "<a href=\"page.php?p=users\">Go Back</a> to User Manager</div>";				
			}
			// if they don't match, report back
			else { echo "Your passwords don't match! Please re-enter.";}
		}
			// if they don't have permissions, report back
			else { echo "<div style=\"text-align:center\">Please make sure you have permission to add users, and that the user doesn't already exist!<br /><a href=\"page.php?p=users\">Go Back</a> to User Manager</div>";}

// end the global add if
}

/* BEGIN THE EDIT PAGE */
if (isset($_GET['edit']) && isset($_SESSION['logged_in'])) {
	// edit id set
	$edit_id = $_GET['edit'];
	// load our ini
	$content = parse_ini_file('users.ini.php', true);
	// title stuff
	echo "<h2>User Manager: $edit_id </h2>";
	echo "<p><br /><br /></p>";
	// back to the future
	echo '<div style="text-align:left; margin-top:-3em; "><a href="page.php?p=users">Back to User List...</a></div><br />';
	// submit our form to ourself via post	echo '<form action="page.php?p=users" method="post">';
	// offer some password changing inputs
	echo '<label for="item_c"><strong>Reset Password:</strong></label>';	echo '<p class="text">';		echo '<input name="password" id="item_a"/>';	echo '</p>';	
	echo '<label for="item_c"><strong>Confirm Password:</strong></label>';	echo '<p class="text">';		echo '<input name="password" id="item_a"/>';	echo '</p>';	
	// show the user rankings
	echo '<label for="password_confirm"><strong>Rank</strong></label><p style="margin-top:-1em;">
	<select style="width:130px;" name="rank" id="rank">
		<option value="0">&nbsp;Administrator</option>
		<option value="1">&nbsp;Basic User</option>
		<option value="2">&nbsp;Write Only</option>
	</select></p>
	<p></p>
	<p style="margin-top:-1em;">Administrator - <em>Create, Delete, and Modify Content and Users</em></p>
	<p style="margin-top:-1em;">Basic User - <em>Create &amp; Delete Posts</em> </p><p style="margin-top:-1em;">Write Only - <em>Create posts</em></p>';
	// a hidden value that gives us it's id when posting
	echo "<input name=\"id\" type=\"hidden\" value=\"";
	echo $edit_id;
	echo "\" />";	echo '</p><p class="button">';	echo '<button name="submit" type="submit">Update!</button></p></form></div></div>';
}

/* BEGIN THE EDIT CONTROLLER */
if (isset($_POST['id']) && isset($_SESSION['logged_in']) && $_SESSION['account_rank'] == 0) {
	// load our ini
	$content = parse_ini_file('users.ini.php', true);
	// define our vars
	$username = $_POST['id'];	
	$updated_password = $_POST['password'];
	$updated_password_confirm = $_POST['password_confirm'];
	$updated_rank = $_POST['rank'];	
	
	// apply changes
	$content[$username]['title'] = $updated_title;
	$content[$username]['content'] = $updated_post;

	// sort things out...just for good measure
	krsort($content);
	// see how many posts we have in total
	$number_of_entries = count($content);
	// because we're going to be printing them in sequential order, we need to rekey them that way
	$rekeyment = array_keys($content);
	// write them out using their rekeys as their keys ;-)
	$data .= "<?php\n";
	for ($i=0; $i<$number_of_entries; $i++)
	{

		$data .= '[' . $rekeyment[$i] . ']';
		$data .= "\n";
		$data .= 'date = "' . $content[$rekeyment[$i]]['date'] . '"';	
		$data .= "\n";
		$data .= 'title = "' . $content[$rekeyment[$i]]['title'] . '"';
		$data .= "\n";
		$data .= 'author = "' . $content[$rekeyment[$i]]['author'] . '"';
		$data .= "\n";
		$data .= 'content = "' . $content[$rekeyment[$i]]['content'] . '"';
		$data .= "\n";
		$data .= "\n";
	}
	$data .= "?>";
	$fp = fopen($blog_db, "w");
	fwrite ($fp, $data);
	fclose ($fp);
	echo "<div style=\"text-align:center\">Post <strong>" . $id . "</strong> sucessfully changed!<br />";
	echo "<a href=\"page.php?p=manage\">Go Back</a> to Entry Manager</div>";
	/* maybe at some point we could have a visual comparison of the original and modified version, showing all changes, 
	and a classic google "undo" button that would revert changes. */

}



/* BEGIN TABLE LISTING */
// if there are no other request, print the user listing
if (isset($_GET['add']) == FALSE && isset($_POST['add']) == FALSE && isset($_GET['delete'])==0 && isset($_GET['edit'])==0) 
	{
	echo '<h2>User Manager</h2><br /><br /><div style="text-align:right; margin-top:-3em;">
	<a href="page.php?p=users&add=yes">Add User...</a></div>';
	
	// load our ini
	$content = parse_ini_file('./users.ini.php', true);
	// see how many posts we have in total
	$number_of_entries = count($content);
	// because we're going to be printing them in sequential order, we need to rekey them that way
	$rekeyment = array_keys($content);
	// prep the table
	echo "<table>
			<thead>
				<tr>
					<th style=\"width:1em\">Delete</th>
					<th style=\"width:1em\">Edit</th>
					<th style=\"width:9em; text-align:left;\">Username</th>
					<th style=\"width:5em\">Rank</th>
				</tr>
			</thead>
			<tbody>";
	
	// list entries
	for ($i=0; $i<$number_of_entries; $i++) 
		{
				//Starts the new row
				echo '<tr>
						<td>';
				echo "<a onclick=\"return confirmSubmit('Are you sure you want to delete this user?')\" href=\"page.php?p=users&delete=" . $rekeyment[$i] . "\" title=\"Delete\">
				<img style=\"margin-top:2px;\" src=\"theme/deletesmall.png\" alt=\"Delete\" /></a>";
				// Edit User Button
				echo "<td><a href=\"page.php?p=users&edit=" . $rekeyment[$i] . "\" title=\"Edit\">
				<img style=\"margin-top:2px;\" src=\"theme/editsmall.png\" alt=\"Edit\" /></a>";
				// echo the username
				echo "<td style=\"text-align:left;\">" . $rekeyment[$i] . "</td>";
				// Gives the user rank
				echo "<td>";
				switch ($content[$rekeyment[$i]]['type']) 
				{
					case 0: echo "Administrator"; break;
					case 1: echo "Basic User"; break;
					case 2: echo "Write Only"; break;
				}
			echo "</td></tr>";
		// ends the "for"
		}			
	// ends the table
	echo "</tbody></table><br /><br /></div></div>";
// ends the if 
}


/* BEGIN THE DELETE FUNCTION */
if (isset($_GET['delete'])==1 && $_SESSION['account_rank']==0 && isset($_SESSION['logged_in'])) {
	// name the delete name
	$delete_name = $_GET['delete'];
	// load our ini
	$content = parse_ini_file("./users.ini.php", true);
	// make sure the username exists
	if (array_key_exists($delete_name, $content)){
		// see how many usernames we have in total
		$number_of_entries = count($content);
		// because we're going to be printing them in sequential order, we need to rekey them that way
		$rekeyment = array_keys($content);
		$data .= "<?php\n";
			for ($e=0; $e<$number_of_entries; $e++) {
				// by design, this leaves out the delete's entry, and it isn't written to disk
				if ($rekeyment[$e] != $delete_name) {
					// write out our entries...
					$data .= "[" . $rekeyment[$e] . "]\n";
					$data .= "type = \"" . $content[$rekeyment[$e]]['type'] . "\"\n";
					$data .= "md5 = \"". $content[$rekeyment[$e]]['md5'] . "\"\n";
					$data .="\n";
				}
			}
		// write to disk
		$data .= "?>";
		$fp = fopen("./users.ini.php", "w");
		fwrite ($fp, $data);
		fclose ($fp);
		echo "<div style=\"text-align:center\">User <strong>" . $delete_name . "</strong> sucessfully deleted!<br />";
		echo "<a href=\"page.php?p=users\">Go Back</a> to User Manager</div>";
		}
	// if the user doesn't exist, forget that!
	else { echo "<div style=\"text-align:center;\"><strong>Whoops!</strong> The user " . $delete_name . "doesn't appear to exist!<br /><a href=\"page.php?p=users\">Go Back</a> to User Manager</div>";}
}

if ($_SESSION['account_rank']!=0 && isset($_GET['delete'])) 
	{
	echo "<div style=\"text-align:center;\"><strong>Whoops!</strong> You don't have permission to manage users!<br /><a href=\"page.php?p=users\">Go Back</a> to User Manager</div>";
	}
	


?>